the code above is a webshell, which takes the content of the Accept-Language request-header field as input for an eval. The second part of the code in the description of the exploit will generate and send the content to the target system.

There are many ways of tricking the target server into executing the code of the webshell. This does not mean that the code always has to be present on the target system as an actual file. Often the presence of some further vulnerability is required.

One possibility is to use a remote file inclusion vulnerability (RFI), which is a common vulnerability on the web. You can find a description with an example here:
http://projects.webappsec.org/w/page/13246955/Remote%20File%20Inclusion

Wikipedia also has a description with a nice example:
http://en.wikipedia.org/wiki/Remote_file_inclusion

Another way could be to exploit a vulnerability in a file upload functionality, which allows users to upload avatar images or something like that. Uploading .php files may not be allowed. Sometimes it is possible to upload a file with the name ".htaccess" into a publicly accessible directory. The filename looks so weird that it may pass through a badly designed filter. But with this file you can tell the Apache server to parse files with an extension like .gif or .png as PHP. You can upload your PHP-webshell as a GIF image, there are tutorials on the web, which describe how to put PHP code into a GIF image. This trick is very old.

These are just two possibilities. You could also ask one of the site administrators for an FTP access or ask them to upload the webshell for you.
It's the simple things in life you treasure :-)